GHSA-jr9m-v5qh-mh2j

Suggest an improvement
Source
https://github.com/advisories/GHSA-jr9m-v5qh-mh2j
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jr9m-v5qh-mh2j/GHSA-jr9m-v5qh-mh2j.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-jr9m-v5qh-mh2j
Aliases
Published
2022-05-13T01:07:34Z
Modified
2024-10-07T15:12:16.182152Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
  • 7.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
OpenStack Neutron overlapping security group rules prevents compute node network configuration
Details

An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those security groups are present, because of an Open vSwitch (OVS) firewall KeyError. All Neutron deployments utilizing neutron-openvswitch-agent are affected.

References

Affected packages

PyPI / neutron

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11.0.0
Fixed
11.0.7

Affected versions

11.*

11.0.3
11.0.4
11.0.5
11.0.6

PyPI / neutron

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12.0.0
Fixed
12.0.6

Affected versions

12.*

12.0.0
12.0.1
12.0.2
12.0.3
12.0.4
12.0.5

PyPI / neutron

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13.0.0
Fixed
13.0.3

Affected versions

13.*

13.0.0
13.0.1
13.0.2